1 /* 2 * CXL Utility library for mailbox interface 3 * 4 * Copyright(C) 2020 Intel Corporation. 5 * 6 * This work is licensed under the terms of the GNU GPL, version 2. See the 7 * COPYING file in the top-level directory. 8 */ 9 10 #include "qemu/osdep.h" 11 #include "hw/cxl/cxl.h" 12 #include "hw/pci/pci.h" 13 #include "qemu/cutils.h" 14 #include "qemu/log.h" 15 #include "qemu/units.h" 16 #include "qemu/uuid.h" 17 18 #define CXL_CAPACITY_MULTIPLIER (256 * MiB) 19 20 /* 21 * How to add a new command, example. The command set FOO, with cmd BAR. 22 * 1. Add the command set and cmd to the enum. 23 * FOO = 0x7f, 24 * #define BAR 0 25 * 2. Implement the handler 26 * static ret_code cmd_foo_bar(struct cxl_cmd *cmd, 27 * CXLDeviceState *cxl_dstate, uint16_t *len) 28 * 3. Add the command to the cxl_cmd_set[][] 29 * [FOO][BAR] = { "FOO_BAR", cmd_foo_bar, x, y }, 30 * 4. Implement your handler 31 * define_mailbox_handler(FOO_BAR) { ... return CXL_MBOX_SUCCESS; } 32 * 33 * 34 * Writing the handler: 35 * The handler will provide the &struct cxl_cmd, the &CXLDeviceState, and the 36 * in/out length of the payload. The handler is responsible for consuming the 37 * payload from cmd->payload and operating upon it as necessary. It must then 38 * fill the output data into cmd->payload (overwriting what was there), 39 * setting the length, and returning a valid return code. 40 * 41 * XXX: The handler need not worry about endianess. The payload is read out of 42 * a register interface that already deals with it. 43 */ 44 45 enum { 46 EVENTS = 0x01, 47 #define GET_RECORDS 0x0 48 #define CLEAR_RECORDS 0x1 49 #define GET_INTERRUPT_POLICY 0x2 50 #define SET_INTERRUPT_POLICY 0x3 51 FIRMWARE_UPDATE = 0x02, 52 #define GET_INFO 0x0 53 TIMESTAMP = 0x03, 54 #define GET 0x0 55 #define SET 0x1 56 LOGS = 0x04, 57 #define GET_SUPPORTED 0x0 58 #define GET_LOG 0x1 59 IDENTIFY = 0x40, 60 #define MEMORY_DEVICE 0x0 61 CCLS = 0x41, 62 #define GET_PARTITION_INFO 0x0 63 #define GET_LSA 0x2 64 #define SET_LSA 0x3 65 }; 66 67 /* 8.2.8.4.5.1 Command Return Codes */ 68 typedef enum { 69 CXL_MBOX_SUCCESS = 0x0, 70 CXL_MBOX_BG_STARTED = 0x1, 71 CXL_MBOX_INVALID_INPUT = 0x2, 72 CXL_MBOX_UNSUPPORTED = 0x3, 73 CXL_MBOX_INTERNAL_ERROR = 0x4, 74 CXL_MBOX_RETRY_REQUIRED = 0x5, 75 CXL_MBOX_BUSY = 0x6, 76 CXL_MBOX_MEDIA_DISABLED = 0x7, 77 CXL_MBOX_FW_XFER_IN_PROGRESS = 0x8, 78 CXL_MBOX_FW_XFER_OUT_OF_ORDER = 0x9, 79 CXL_MBOX_FW_AUTH_FAILED = 0xa, 80 CXL_MBOX_FW_INVALID_SLOT = 0xb, 81 CXL_MBOX_FW_ROLLEDBACK = 0xc, 82 CXL_MBOX_FW_REST_REQD = 0xd, 83 CXL_MBOX_INVALID_HANDLE = 0xe, 84 CXL_MBOX_INVALID_PA = 0xf, 85 CXL_MBOX_INJECT_POISON_LIMIT = 0x10, 86 CXL_MBOX_PERMANENT_MEDIA_FAILURE = 0x11, 87 CXL_MBOX_ABORTED = 0x12, 88 CXL_MBOX_INVALID_SECURITY_STATE = 0x13, 89 CXL_MBOX_INCORRECT_PASSPHRASE = 0x14, 90 CXL_MBOX_UNSUPPORTED_MAILBOX = 0x15, 91 CXL_MBOX_INVALID_PAYLOAD_LENGTH = 0x16, 92 CXL_MBOX_MAX = 0x17 93 } ret_code; 94 95 struct cxl_cmd; 96 typedef ret_code (*opcode_handler)(struct cxl_cmd *cmd, 97 CXLDeviceState *cxl_dstate, uint16_t *len); 98 struct cxl_cmd { 99 const char *name; 100 opcode_handler handler; 101 ssize_t in; 102 uint16_t effect; /* Reported in CEL */ 103 uint8_t *payload; 104 }; 105 106 #define DEFINE_MAILBOX_HANDLER_ZEROED(name, size) \ 107 uint16_t __zero##name = size; \ 108 static ret_code cmd_##name(struct cxl_cmd *cmd, \ 109 CXLDeviceState *cxl_dstate, uint16_t *len) \ 110 { \ 111 *len = __zero##name; \ 112 memset(cmd->payload, 0, *len); \ 113 return CXL_MBOX_SUCCESS; \ 114 } 115 #define DEFINE_MAILBOX_HANDLER_NOP(name) \ 116 static ret_code cmd_##name(struct cxl_cmd *cmd, \ 117 CXLDeviceState *cxl_dstate, uint16_t *len) \ 118 { \ 119 return CXL_MBOX_SUCCESS; \ 120 } 121 122 DEFINE_MAILBOX_HANDLER_ZEROED(events_get_records, 0x20); 123 DEFINE_MAILBOX_HANDLER_NOP(events_clear_records); 124 DEFINE_MAILBOX_HANDLER_ZEROED(events_get_interrupt_policy, 4); 125 DEFINE_MAILBOX_HANDLER_NOP(events_set_interrupt_policy); 126 127 /* 8.2.9.2.1 */ 128 static ret_code cmd_firmware_update_get_info(struct cxl_cmd *cmd, 129 CXLDeviceState *cxl_dstate, 130 uint16_t *len) 131 { 132 struct { 133 uint8_t slots_supported; 134 uint8_t slot_info; 135 uint8_t caps; 136 uint8_t rsvd[0xd]; 137 char fw_rev1[0x10]; 138 char fw_rev2[0x10]; 139 char fw_rev3[0x10]; 140 char fw_rev4[0x10]; 141 } QEMU_PACKED *fw_info; 142 QEMU_BUILD_BUG_ON(sizeof(*fw_info) != 0x50); 143 144 if (cxl_dstate->pmem_size < CXL_CAPACITY_MULTIPLIER) { 145 return CXL_MBOX_INTERNAL_ERROR; 146 } 147 148 fw_info = (void *)cmd->payload; 149 memset(fw_info, 0, sizeof(*fw_info)); 150 151 fw_info->slots_supported = 2; 152 fw_info->slot_info = BIT(0) | BIT(3); 153 fw_info->caps = 0; 154 pstrcpy(fw_info->fw_rev1, sizeof(fw_info->fw_rev1), "BWFW VERSION 0"); 155 156 *len = sizeof(*fw_info); 157 return CXL_MBOX_SUCCESS; 158 } 159 160 /* 8.2.9.3.1 */ 161 static ret_code cmd_timestamp_get(struct cxl_cmd *cmd, 162 CXLDeviceState *cxl_dstate, 163 uint16_t *len) 164 { 165 uint64_t time, delta; 166 uint64_t final_time = 0; 167 168 if (cxl_dstate->timestamp.set) { 169 /* First find the delta from the last time the host set the time. */ 170 time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 171 delta = time - cxl_dstate->timestamp.last_set; 172 final_time = cxl_dstate->timestamp.host_set + delta; 173 } 174 175 /* Then adjust the actual time */ 176 stq_le_p(cmd->payload, final_time); 177 *len = 8; 178 179 return CXL_MBOX_SUCCESS; 180 } 181 182 /* 8.2.9.3.2 */ 183 static ret_code cmd_timestamp_set(struct cxl_cmd *cmd, 184 CXLDeviceState *cxl_dstate, 185 uint16_t *len) 186 { 187 cxl_dstate->timestamp.set = true; 188 cxl_dstate->timestamp.last_set = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 189 190 cxl_dstate->timestamp.host_set = le64_to_cpu(*(uint64_t *)cmd->payload); 191 192 *len = 0; 193 return CXL_MBOX_SUCCESS; 194 } 195 196 static QemuUUID cel_uuid; 197 198 /* 8.2.9.4.1 */ 199 static ret_code cmd_logs_get_supported(struct cxl_cmd *cmd, 200 CXLDeviceState *cxl_dstate, 201 uint16_t *len) 202 { 203 struct { 204 uint16_t entries; 205 uint8_t rsvd[6]; 206 struct { 207 QemuUUID uuid; 208 uint32_t size; 209 } log_entries[1]; 210 } QEMU_PACKED *supported_logs = (void *)cmd->payload; 211 QEMU_BUILD_BUG_ON(sizeof(*supported_logs) != 0x1c); 212 213 supported_logs->entries = 1; 214 supported_logs->log_entries[0].uuid = cel_uuid; 215 supported_logs->log_entries[0].size = 4 * cxl_dstate->cel_size; 216 217 *len = sizeof(*supported_logs); 218 return CXL_MBOX_SUCCESS; 219 } 220 221 /* 8.2.9.4.2 */ 222 static ret_code cmd_logs_get_log(struct cxl_cmd *cmd, 223 CXLDeviceState *cxl_dstate, 224 uint16_t *len) 225 { 226 struct { 227 QemuUUID uuid; 228 uint32_t offset; 229 uint32_t length; 230 } QEMU_PACKED QEMU_ALIGNED(16) *get_log = (void *)cmd->payload; 231 232 /* 233 * 8.2.9.4.2 234 * The device shall return Invalid Parameter if the Offset or Length 235 * fields attempt to access beyond the size of the log as reported by Get 236 * Supported Logs. 237 * 238 * XXX: Spec is wrong, "Invalid Parameter" isn't a thing. 239 * XXX: Spec doesn't address incorrect UUID incorrectness. 240 * 241 * The CEL buffer is large enough to fit all commands in the emulation, so 242 * the only possible failure would be if the mailbox itself isn't big 243 * enough. 244 */ 245 if (get_log->offset + get_log->length > cxl_dstate->payload_size) { 246 return CXL_MBOX_INVALID_INPUT; 247 } 248 249 if (!qemu_uuid_is_equal(&get_log->uuid, &cel_uuid)) { 250 return CXL_MBOX_UNSUPPORTED; 251 } 252 253 /* Store off everything to local variables so we can wipe out the payload */ 254 *len = get_log->length; 255 256 memmove(cmd->payload, cxl_dstate->cel_log + get_log->offset, 257 get_log->length); 258 259 return CXL_MBOX_SUCCESS; 260 } 261 262 /* 8.2.9.5.1.1 */ 263 static ret_code cmd_identify_memory_device(struct cxl_cmd *cmd, 264 CXLDeviceState *cxl_dstate, 265 uint16_t *len) 266 { 267 struct { 268 char fw_revision[0x10]; 269 uint64_t total_capacity; 270 uint64_t volatile_capacity; 271 uint64_t persistent_capacity; 272 uint64_t partition_align; 273 uint16_t info_event_log_size; 274 uint16_t warning_event_log_size; 275 uint16_t failure_event_log_size; 276 uint16_t fatal_event_log_size; 277 uint32_t lsa_size; 278 uint8_t poison_list_max_mer[3]; 279 uint16_t inject_poison_limit; 280 uint8_t poison_caps; 281 uint8_t qos_telemetry_caps; 282 } QEMU_PACKED *id; 283 QEMU_BUILD_BUG_ON(sizeof(*id) != 0x43); 284 285 CXLType3Dev *ct3d = container_of(cxl_dstate, CXLType3Dev, cxl_dstate); 286 CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d); 287 uint64_t size = cxl_dstate->pmem_size; 288 289 if (!QEMU_IS_ALIGNED(size, CXL_CAPACITY_MULTIPLIER)) { 290 return CXL_MBOX_INTERNAL_ERROR; 291 } 292 293 id = (void *)cmd->payload; 294 memset(id, 0, sizeof(*id)); 295 296 /* PMEM only */ 297 snprintf(id->fw_revision, 0x10, "BWFW VERSION %02d", 0); 298 299 id->total_capacity = size / CXL_CAPACITY_MULTIPLIER; 300 id->persistent_capacity = size / CXL_CAPACITY_MULTIPLIER; 301 id->lsa_size = cvc->get_lsa_size(ct3d); 302 303 *len = sizeof(*id); 304 return CXL_MBOX_SUCCESS; 305 } 306 307 static ret_code cmd_ccls_get_partition_info(struct cxl_cmd *cmd, 308 CXLDeviceState *cxl_dstate, 309 uint16_t *len) 310 { 311 struct { 312 uint64_t active_vmem; 313 uint64_t active_pmem; 314 uint64_t next_vmem; 315 uint64_t next_pmem; 316 } QEMU_PACKED *part_info = (void *)cmd->payload; 317 QEMU_BUILD_BUG_ON(sizeof(*part_info) != 0x20); 318 uint64_t size = cxl_dstate->pmem_size; 319 320 if (!QEMU_IS_ALIGNED(size, CXL_CAPACITY_MULTIPLIER)) { 321 return CXL_MBOX_INTERNAL_ERROR; 322 } 323 324 /* PMEM only */ 325 part_info->active_vmem = 0; 326 part_info->next_vmem = 0; 327 part_info->active_pmem = size / CXL_CAPACITY_MULTIPLIER; 328 part_info->next_pmem = 0; 329 330 *len = sizeof(*part_info); 331 return CXL_MBOX_SUCCESS; 332 } 333 334 static ret_code cmd_ccls_get_lsa(struct cxl_cmd *cmd, 335 CXLDeviceState *cxl_dstate, 336 uint16_t *len) 337 { 338 struct { 339 uint32_t offset; 340 uint32_t length; 341 } QEMU_PACKED *get_lsa; 342 CXLType3Dev *ct3d = container_of(cxl_dstate, CXLType3Dev, cxl_dstate); 343 CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d); 344 uint32_t offset, length; 345 346 get_lsa = (void *)cmd->payload; 347 offset = get_lsa->offset; 348 length = get_lsa->length; 349 350 if (offset + length > cvc->get_lsa_size(ct3d)) { 351 *len = 0; 352 return CXL_MBOX_INVALID_INPUT; 353 } 354 355 *len = cvc->get_lsa(ct3d, get_lsa, length, offset); 356 return CXL_MBOX_SUCCESS; 357 } 358 359 static ret_code cmd_ccls_set_lsa(struct cxl_cmd *cmd, 360 CXLDeviceState *cxl_dstate, 361 uint16_t *len) 362 { 363 struct set_lsa_pl { 364 uint32_t offset; 365 uint32_t rsvd; 366 uint8_t data[]; 367 } QEMU_PACKED; 368 struct set_lsa_pl *set_lsa_payload = (void *)cmd->payload; 369 CXLType3Dev *ct3d = container_of(cxl_dstate, CXLType3Dev, cxl_dstate); 370 CXLType3Class *cvc = CXL_TYPE3_GET_CLASS(ct3d); 371 const size_t hdr_len = offsetof(struct set_lsa_pl, data); 372 uint16_t plen = *len; 373 374 *len = 0; 375 if (!plen) { 376 return CXL_MBOX_SUCCESS; 377 } 378 379 if (set_lsa_payload->offset + plen > cvc->get_lsa_size(ct3d) + hdr_len) { 380 return CXL_MBOX_INVALID_INPUT; 381 } 382 plen -= hdr_len; 383 384 cvc->set_lsa(ct3d, set_lsa_payload->data, plen, set_lsa_payload->offset); 385 return CXL_MBOX_SUCCESS; 386 } 387 388 #define IMMEDIATE_CONFIG_CHANGE (1 << 1) 389 #define IMMEDIATE_DATA_CHANGE (1 << 2) 390 #define IMMEDIATE_POLICY_CHANGE (1 << 3) 391 #define IMMEDIATE_LOG_CHANGE (1 << 4) 392 393 static struct cxl_cmd cxl_cmd_set[256][256] = { 394 [EVENTS][GET_RECORDS] = { "EVENTS_GET_RECORDS", 395 cmd_events_get_records, 1, 0 }, 396 [EVENTS][CLEAR_RECORDS] = { "EVENTS_CLEAR_RECORDS", 397 cmd_events_clear_records, ~0, IMMEDIATE_LOG_CHANGE }, 398 [EVENTS][GET_INTERRUPT_POLICY] = { "EVENTS_GET_INTERRUPT_POLICY", 399 cmd_events_get_interrupt_policy, 0, 0 }, 400 [EVENTS][SET_INTERRUPT_POLICY] = { "EVENTS_SET_INTERRUPT_POLICY", 401 cmd_events_set_interrupt_policy, 4, IMMEDIATE_CONFIG_CHANGE }, 402 [FIRMWARE_UPDATE][GET_INFO] = { "FIRMWARE_UPDATE_GET_INFO", 403 cmd_firmware_update_get_info, 0, 0 }, 404 [TIMESTAMP][GET] = { "TIMESTAMP_GET", cmd_timestamp_get, 0, 0 }, 405 [TIMESTAMP][SET] = { "TIMESTAMP_SET", cmd_timestamp_set, 8, IMMEDIATE_POLICY_CHANGE }, 406 [LOGS][GET_SUPPORTED] = { "LOGS_GET_SUPPORTED", cmd_logs_get_supported, 0, 0 }, 407 [LOGS][GET_LOG] = { "LOGS_GET_LOG", cmd_logs_get_log, 0x18, 0 }, 408 [IDENTIFY][MEMORY_DEVICE] = { "IDENTIFY_MEMORY_DEVICE", 409 cmd_identify_memory_device, 0, 0 }, 410 [CCLS][GET_PARTITION_INFO] = { "CCLS_GET_PARTITION_INFO", 411 cmd_ccls_get_partition_info, 0, 0 }, 412 [CCLS][GET_LSA] = { "CCLS_GET_LSA", cmd_ccls_get_lsa, 8, 0 }, 413 [CCLS][SET_LSA] = { "CCLS_SET_LSA", cmd_ccls_set_lsa, 414 ~0, IMMEDIATE_CONFIG_CHANGE | IMMEDIATE_DATA_CHANGE }, 415 }; 416 417 void cxl_process_mailbox(CXLDeviceState *cxl_dstate) 418 { 419 uint16_t ret = CXL_MBOX_SUCCESS; 420 struct cxl_cmd *cxl_cmd; 421 uint64_t status_reg; 422 opcode_handler h; 423 uint64_t command_reg = cxl_dstate->mbox_reg_state64[R_CXL_DEV_MAILBOX_CMD]; 424 425 uint8_t set = FIELD_EX64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND_SET); 426 uint8_t cmd = FIELD_EX64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND); 427 uint16_t len = FIELD_EX64(command_reg, CXL_DEV_MAILBOX_CMD, LENGTH); 428 cxl_cmd = &cxl_cmd_set[set][cmd]; 429 h = cxl_cmd->handler; 430 if (h) { 431 if (len == cxl_cmd->in || cxl_cmd->in == ~0) { 432 cxl_cmd->payload = cxl_dstate->mbox_reg_state + 433 A_CXL_DEV_CMD_PAYLOAD; 434 ret = (*h)(cxl_cmd, cxl_dstate, &len); 435 assert(len <= cxl_dstate->payload_size); 436 } else { 437 ret = CXL_MBOX_INVALID_PAYLOAD_LENGTH; 438 } 439 } else { 440 qemu_log_mask(LOG_UNIMP, "Command %04xh not implemented\n", 441 set << 8 | cmd); 442 ret = CXL_MBOX_UNSUPPORTED; 443 } 444 445 /* Set the return code */ 446 status_reg = FIELD_DP64(0, CXL_DEV_MAILBOX_STS, ERRNO, ret); 447 448 /* Set the return length */ 449 command_reg = FIELD_DP64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND_SET, 0); 450 command_reg = FIELD_DP64(command_reg, CXL_DEV_MAILBOX_CMD, COMMAND, 0); 451 command_reg = FIELD_DP64(command_reg, CXL_DEV_MAILBOX_CMD, LENGTH, len); 452 453 cxl_dstate->mbox_reg_state64[R_CXL_DEV_MAILBOX_CMD] = command_reg; 454 cxl_dstate->mbox_reg_state64[R_CXL_DEV_MAILBOX_STS] = status_reg; 455 456 /* Tell the host we're done */ 457 ARRAY_FIELD_DP32(cxl_dstate->mbox_reg_state32, CXL_DEV_MAILBOX_CTRL, 458 DOORBELL, 0); 459 } 460 461 int cxl_initialize_mailbox(CXLDeviceState *cxl_dstate) 462 { 463 /* CXL 2.0: Table 169 Get Supported Logs Log Entry */ 464 const char *cel_uuidstr = "0da9c0b5-bf41-4b78-8f79-96b1623b3f17"; 465 466 for (int set = 0; set < 256; set++) { 467 for (int cmd = 0; cmd < 256; cmd++) { 468 if (cxl_cmd_set[set][cmd].handler) { 469 struct cxl_cmd *c = &cxl_cmd_set[set][cmd]; 470 struct cel_log *log = 471 &cxl_dstate->cel_log[cxl_dstate->cel_size]; 472 473 log->opcode = (set << 8) | cmd; 474 log->effect = c->effect; 475 cxl_dstate->cel_size++; 476 } 477 } 478 } 479 480 return qemu_uuid_parse(cel_uuidstr, &cel_uuid); 481 } 482